<!DOCTYPE HTML>
<html xmlns:th="http://www.thymeleaf.org" xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<head>
    <div th:replace="fragments/header :: header-css"/>
</head>
<body>

<div th:replace="fragments/header :: header"/>

<div class="container">

    <div class="starter-template">
        <p> $ param.foo : <input type="text" th:value="${param.foo}"/></p>
        <p> $ session.foo : <input type="text" th:value="${session.sessionKey}"/></p>
        <p> $ application.foo : <input type="text" th:value="${application.applicationKey}"/></p>
        <p> $ myRequestAttribute : <input type="text" th:value="${requestKey}"/></p>
        <p>$ contextPath : [[${#servletContext.contextPath}]]</p>
    </div>

    <div class="starter-template">
        <div sec:authentication="jobName">
            The value of the "jobName" property of the authentication object should appear here.
        </div>

        <!-- see AbstractUserDetailsAuthenticationProvider how to use forcePrincipalAsString -->
         <div sec:authentication="details">
            The value of the "Details" property of the authentication object should appear here.
        </div>

        <div sec:authorize="hasRole('ROLE_ADMIN')">
            This will only be displayed if authenticated user has role ROLE_ADMIN.
        </div>
        <div sec:authorize="${hasRole(#vars.expectedRole)}">
            This will only be displayed if authenticated user has a role computed by the controller.
        </div>
        <div sec:authorize-url="/admin">
            This will only be displayed if authenticated user can call the "/admin" URL.
        </div>
    </div>

</div>
<!-- /.container -->

<div th:replace="fragments/footer :: footer"/>

</body>
</html>